scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-02 19:38:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
980 Commits 1 Branch 0 Tags
e41d96384112f20adffc348d882a3673b94cde3c
Commit Graph

56 Commits

Author SHA1 Message Date
qoijjj
e41d963841 feat: multiple securecore improvements 2024-08-26 09:45:20 -07:00
qoijjj
185f539364 fix: securecore build 2024-08-26 00:32:31 -07:00
qoijjj
8eb959669a feat: begin server->securecore migration 2024-08-25 23:27:36 -07:00
qoijjj
967c7551ad feat: sgid reduction (#392) 
* feat: also remove sgid bit

* Update yafti.yml

* Update yafti.yml
 2024-08-23 14:13:22 -07:00
qoijjj
c526c770ba feat: additional setuid reduction and removal of unused packages (#388) 
* feat: additional setuid reduction and removal of unused packages

* leave packages but keep suid removal
 2024-08-23 00:00:54 -07:00
qoijjj
c711b3c398 feat: include brew autoupdate services 2024-08-22 22:38:00 -07:00
qoijjj
1b5e539ec2 fix: audit script cleanup 2024-08-22 12:03:22 -07:00
Rubiginosa
51ad84b1ad feat: Add flatpak auditing to audit-secureblue (#377) 
* increase spacing on print_status

* Merged audit-flatpak into audit-secureblue

* print flatpak remote success

---------

Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
 2024-08-21 13:22:11 -07:00
qoijjj
aaf3e4d344 fix: set Recommends=false while waiting for upstream 2024-08-21 13:12:51 -07:00
qoijjj
7ff130f248 fix: typo in audit script 2024-08-20 18:43:21 -07:00
qoijjj
1c38cc7ce7 fix: use alternate delimiter for motd tip 2024-08-20 16:00:04 -07:00
qoijjj
38cbf7715a feat: add audit-secureblue just command (#382) 2024-08-20 15:08:18 -07:00
qoijjj
8c9d2e341c chore: remove patch merged upstream 2024-08-20 11:33:20 -07:00
qoijjj
3b2b1dbd93 fix: url in motd 2024-08-20 10:36:00 -07:00
qoijjj
d6e18573ae feat: add link to release notifications FAQ in motd 2024-08-20 10:34:51 -07:00
qoijjj
327eb2279d docs: add a note to motd to check the latest release notes 2024-08-20 10:28:53 -07:00
qoijjj
06c2883bb1 fix: improve usbguard just command 2024-08-19 18:21:50 -07:00
qoijjj
9d929fb087 chore: adjust patch in response to upstream changes 2024-08-19 15:20:41 -07:00
qoijjj
dd10a99f93 fix: cleanup motd variables 2024-08-18 22:44:35 -07:00
qoijjj
5d4d755b96 chore: remove unusable toggle-nvk just command 2024-08-18 22:04:23 -07:00
qoijjj
49b8ad6efb fix: parse epoch time directly from json for motd 2024-08-18 21:41:21 -07:00
qoijjj
0d3869bbb5 fix: use json format for rpm-ostree in motd 2024-08-18 21:35:05 -07:00
qoijjj
4c04c11b90 fix: typo in justfile script 2024-08-18 20:21:41 -07:00
qoijjj
357ce2934e feat: add tpm2 unlock improvements 2024-08-18 20:00:33 -07:00
qoijjj
78198f4e5a feat: patch brew installation just command to not require wheel 2024-08-18 18:35:56 -07:00
qoijjj
31b1339fa5 chore: disable yafti run on config change as it causes user confusion 2024-08-11 04:49:00 -07:00
Ivo Damjanović
94eca70c71 fix: container policy hardening script for cosmic images (#367) 2024-08-10 20:54:31 -07:00
qoijjj
3b927dc8ed fix: check only the first string token when searching lsattr 2024-08-10 03:56:35 -07:00
qoijjj
872cb784ef feat: add ujust command to lock bash environment files to mitigate LD… (#365) 2024-08-09 16:14:44 -07:00
qoijjj
0104d6a697 fix: revert container policy hardening migration to /etc until upstream migrates 2024-08-08 17:28:44 -07:00
fiftydinar
378caba43f docs: clarify disablement of GNOME user extensions better (#364) 2024-08-08 15:59:25 -07:00
qoijjj
3fb96ece10 chore: move /usr/etc to /etc per upstream rpm-ostree recommendation 2024-08-08 15:48:30 -07:00
SnuggleCovenant
4c85413563 remove gnome videos (totem) from yafti.yml (#363) 
the totem app is abandoned
 2024-08-07 14:53:34 -07:00
fiftydinar
e1a130f6f9 feat: Disable user Gnome extensions & user-installation of them (#361) 2024-08-06 17:14:30 -07:00
qoijjj
78b531846d chore: fix build by isolating silverblue-only package 2024-08-06 10:39:05 -07:00
qoijjj
2318f83a9a chore: ensure package consistency across images 2024-08-06 10:01:13 -07:00
qoijjj
f75215cfdf fix: set permissions for xwayland file in ujust command 2024-08-03 12:19:43 -07:00
spaceoden
c21a697252 Update 60-custom.just.readme.md to put new kargs in the correct section (#357) 
the new kargs were added to set-kargs-hardening, not set-kargs-hardening-unstable
 2024-08-02 13:01:52 -07:00
qoijjj
9f56f2ff06 feat: set additional kargs to override suboptimal defaults 2024-08-01 22:43:23 -07:00
qoijjj
084fe1a40c fix: remove usbguard-dbus due to insufficient systemd sandboxing (#352) 2024-07-31 14:20:49 -07:00
qoijjj
eea350af56 fix: remove comments from harden-flatpak ujust command to fix just parsing 2024-07-30 16:26:34 -07:00
spaceoden
7c0976da7e feat: add to harden-flatpak logic that applies the highest supported hwcap (#346) 2024-07-30 15:31:43 -07:00
qoijjj
b31aff0994 fix: prevent bluefin yafti from starting 2024-07-30 00:22:30 -07:00
qoijjj
298bbda019 fix: ujust command typos 2024-07-30 00:03:25 -07:00
qoijjj
b9fc6e4826 feat: remove xwayland by default (#347) 2024-07-29 23:02:10 -07:00
Root
9a843f3861 docs: add docs to JIT disable in Gnome (#345) 
* Add docs to JIT disable in Gnome

* Properly add env file in ujust
 2024-07-29 09:57:15 -07:00
Root
1a55f1549b feat: add ujust to toggle Gnome JS JIT (#344) 
* Add ujust to toggle Gnome JS JIT

* Disable Gnome JIT by default
 2024-07-28 21:48:48 -07:00
qoijjj
abcdd4e3ac chore: remove chsh 2024-07-28 21:39:58 -07:00
qoijjj
45c9506980 feat: switch to hardened-chromium (#343) 
* fix: selinux policy for chrome suid sandbox

* feat: switch to hardened-chromium
 2024-07-28 21:12:45 -07:00
Tommy
be1effa83d Remove net.ipv4.conf.*.secure_redirects = 0 (#315) 
squash
 2024-07-27 12:38:16 -07:00